Org.apache.tomcat.embed:tomcat-embed-core

This hub aggregates every CVE we track for Org.apache.tomcat.embed:tomcat-embed-core, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Org.apache.tomcat.embed:tomcat-embed-core.

• CVE-2026-24733Apache Tomcat: Security constraint bypass with HTTP/0.96.5Feb 17, 2026
• CVE-2025-66614Apache Tomcat: Client certificate verification bypass due to virtual host mapping7.6Feb 17, 2026
• CVE-2025-61795Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS5.3Oct 27, 2025
• CVE-2025-55752Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled7.5Oct 27, 2025
• CVE-2025-55754Apache Tomcat: console manipulation via escape sequences in log messages9.6Oct 27, 2025
• CVE-2025-48989Apache Tomcat: h2 DoS - Made You Reset7.5Aug 13, 2025
• CVE-2025-53506Apache Tomcat: DoS via excessive h2 streams at connection start7.5Jul 10, 2025
• CVE-2025-52520Apache Tomcat: DoS via integer overflow in multipart file upload7.5Jul 10, 2025
• CVE-2025-49124Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows8.4Jun 16, 2025
• CVE-2025-49125Apache Tomcat: Security constraint bypass for pre/post-resources7.5Jun 16, 2025
• CVE-2025-48988Apache Tomcat: FileUpload large number of parts with headers DoS7.5Jun 16, 2025
• CVE-2025-46701Apache Tomcat: Security constraint bypass for CGI scripts7.3May 29, 2025
• CVE-2025-31651Apache Tomcat: Bypass of rules in Rewrite Valve9.8Apr 28, 2025
• CVE-2025-31650Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame7.5Apr 28, 2025
• CVE-2025-24813Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUTKEV9.8Mar 10, 2025